ISO 27789:2013 卫生信息学 电子健康档案的审计跟踪

标准编号：ISO 27789:2013

中文名称：卫生信息学 电子健康档案的审计跟踪

英文名称：Health informatics — Audit trails for electronic health records

发布日期：2013-03

标准范围

ISO 27789:2013规定了电子健康记录（EHR）审计跟踪的通用框架，包括审计触发事件和审计数据，以使完整的个人健康信息能够跨信息系统和域进行审计。它适用于处理个人健康信息的系统，该系统符合ISO 27799，每次用户通过系统访问、创建、更新或归档个人健康信息时，都会创建一个安全的审计记录。ISO 27789:2013仅涵盖对EHR执行的操作，这些操作受电子健康记录所在域的访问策略管辖。除标识符外，它不处理电子健康记录中的任何个人健康信息，审计记录仅包含管理访问策略定义的EHR部分的链接。它不包括用于系统管理和系统安全目的的审计日志的规范和使用，例如检测性能问题、应用程序缺陷或支持数据重建，这些问题由通用计算机安全标准（如ISO/IEC 15408-2）处理。

ISO 27789:2013 specifies a common framework for audit trails for electronic health records (EHR), in terms of audit trigger events and audit data, to keep the complete set of personal health information auditable across information systems and domains.It is applicable to systems processing personal health information which, complying with ISO 27799, create a secure audit record each time a user accesses, creates, updates or archives personal health information via the system.ISO 27789:2013 covers only actions performed on the EHR, which are governed by the access policy for the domain where the electronic health record resides. It does not deal with any personal health information from the electronic health record, other than identifiers, the audit record only containing links to EHR segments as defined by the governing access policy.It does not cover the specification and use of audit logs for system management and system security purposes, such as the detection of performance problems, application flaw, or support for a reconstruction of data, which are dealt with by general computer security standards such as ISO/IEC 15408-2.

标准预览图